CN113259401B - Vehicle data control method, device, equipment and storage medium

Publication number: CN113259401B
Authority: CN (China)
Prior art keywords: data, vehicle, address, target, uploading
Legal status: Active (the legal status is an assumption and is not a legal conclusion)
Application number: CN202110798828.6A
Other languages: Chinese (zh)
Other versions: CN113259401A (en)
Inventors: 尚进, 於大维, 黄洪, 赵伟
Current Assignee: Guoqi Intelligent Control Beijing Technology Co Ltd (the listed assignees may be inaccurate)
Original Assignee: Guoqi Intelligent Control Beijing Technology Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H04L67/50 Network services
    • H04L67/52 Network services specially adapted for the location of the user terminal

Abstract

According to the vehicle data control method, device, equipment and storage medium, vehicle upload data and vehicle download data collected and processed by a system are acquired, where the vehicle upload data includes vehicle driving data. The vehicle driving data is identified using multiple preset identification modes to determine whether the vehicle collected sensitive area information while driving; a preset total data dictionary is used to determine whether the vehicle upload data and the vehicle download data include privacy data; and a risk assessment is performed on the target IP address corresponding to the vehicle upload data to determine whether the target IP address is a suspicious IP address. If sensitive area information was collected, the vehicle upload data and the vehicle download data include privacy data, or the target IP address is a suspicious IP address, protection is carried out according to a predefined policy rule. This improves the real-time performance and timeliness of vehicle data control, and also its efficiency.

Description

Vehicle data control method, device, equipment and storage medium
Technical Field
The present invention relates to the field of vehicle data control, and in particular, to a method, an apparatus, a device, and a storage medium for controlling vehicle data.
Background
With the continuous development of intelligent and connected technology, the new generation of intelligent driving vehicles is gradually becoming a high-performance, high-capacity, real-time mobile data center that exchanges large amounts of data with cloud applications. This data is of many types, mixes structured and unstructured forms, and is highly real-time, time-sensitive and mobile; its content also involves personal privacy and even nationally sensitive geographic information, so effective data security and privacy protection measures are needed.
However, the industry currently has no mature vehicle data security and privacy protection scheme. Even how to define whether geographic information collected while driving is sensitive geographic information, and how to protect it while the vehicle is operating in real time, remains an important open topic in the field of autonomous driving data.
Existing data privacy protection products for enterprise environments, such as DLP (data loss prevention), generally require a large amount of computing resources and are suited only to completely different workflows; they cannot be used in intelligent vehicle data environments and cannot meet the real-time and timeliness requirements of autonomous vehicle data processing.
Disclosure of Invention
The invention provides a vehicle data control method, a vehicle data control device, vehicle data control equipment and a storage medium, which are used for solving the problems of poor real-time performance and poor timeliness of vehicle data processing in the prior art.
In one aspect, the present invention provides a control method of vehicle data, including:
acquiring vehicle real-time data collected and processed by a system, wherein the vehicle real-time data comprises vehicle uploading data and vehicle downloading data, and the vehicle uploading data comprises vehicle driving data;
identifying the vehicle driving data according to multiple preset identification modes to determine whether the vehicle acquires sensitive area information in the driving process;
determining whether the vehicle uploading data and/or the vehicle downloading data comprise privacy data or not according to a preset total data dictionary;
performing risk assessment on a target IP address corresponding to the vehicle uploading data, and determining whether the target IP address is a suspicious IP address;
and if it is determined that the vehicle acquired sensitive area information in the driving process, that the vehicle uploading data and/or the vehicle downloading data comprise privacy data, or that the target IP address is a suspicious IP address, performing protection according to a predefined policy rule.
Optionally, the identifying the vehicle driving data according to a plurality of preset identification modes to determine whether the vehicle acquires the sensitive area information in the driving process includes:
determining a route position and a current position of the vehicle from the vehicle driving data;
determining whether a place corresponding to the path position or the current position is the same as a sensitive place in the sensitive area information base or not based on the acquired sensitive area information base;
and if the position corresponding to the path position or the current position is judged to be the same as the sensitive position in the sensitive area information base, determining that the vehicle acquires the sensitive area information in the driving process.
Optionally, the identifying the vehicle driving data according to a plurality of preset identification modes to determine whether the vehicle acquires the sensitive area information in the driving process includes:
judging whether a special mark of a sensitive area is identified in the driving process of the vehicle or not through a vehicle target perception algorithm;
and if the special mark of the sensitive area is identified in the driving process of the vehicle, determining that the sensitive area information is acquired in the driving process of the vehicle.
Optionally, the identifying the vehicle driving data according to a plurality of preset identification modes to determine whether the vehicle acquires the sensitive area information in the driving process includes:
acquiring peripheral image information of the vehicle;
judging whether a special mark of a sensitive area is identified in the driving process of the vehicle or not through a vehicle target perception algorithm and the surrounding image information;
and if the special mark of the sensitive area is identified in the driving process of the vehicle, determining that the sensitive area information is acquired in the driving process of the vehicle.
Optionally, before determining whether the vehicle upload data and/or the vehicle download data include private data according to a preset total data dictionary, the method further includes:
processing a plurality of acquired collection source data of a plurality of vehicles based on a plurality of preset processing nodes to generate a total data dictionary, wherein the total data dictionary comprises data types and attribute information corresponding to each data type, and the attribute information comprises a source, a storage mode, a destruction time limit or a security level.
Optionally, the determining, according to a preset total data dictionary, whether the vehicle upload data and/or the vehicle download data include private data includes:
determining the data type and corresponding attribute information of the vehicle uploading data and/or the vehicle downloading data based on the total data dictionary;
and when the data type to which the vehicle uploading data and/or the vehicle downloading data belong comprises identity data and the security level corresponding to the identity data is greater than a preset security level, determining that the vehicle uploading data and/or the vehicle downloading data comprise privacy data.
Optionally, the performing risk assessment on the target IP address corresponding to the vehicle upload data and determining whether the target IP address is a suspicious IP address includes:
performing risk assessment on the target IP address corresponding to the vehicle uploading data according to a preset threat attack reputation database, and determining whether the target IP address is a suspicious IP address; or,
determining whether the target IP address is a suspicious IP address by means of an IP address reverse query.
Optionally, the performing risk assessment on the target IP address corresponding to the vehicle upload data according to a preset threat attack reputation database, and determining whether the target IP address is a suspicious IP address, includes:
judging whether the target IP address is the same as a suspicious IP address in the preset threat attack reputation database;
and if the target IP address is judged to be the same as a suspicious IP address in the preset threat attack reputation database, determining the target IP address to be a suspicious IP address.
Optionally, the performing protection according to a predefined policy rule if it is determined that the vehicle acquired sensitive area information during the driving process, that the vehicle upload data and/or the vehicle download data include private data, or that the target IP address is a suspicious IP address, includes:
if it is determined that the vehicle acquired sensitive area information in the driving process, performing protection according to a predefined policy rule, wherein the policy rule comprises one or any combination of the following items: monitoring data collection and usage activity through logs, blurring (desensitizing) the image data of the vehicle's cameras, interrupting data acquisition or uploading of the vehicle, and sending a parking instruction;
if it is determined that the vehicle uploading data and/or the vehicle downloading data comprise private data, performing protection according to a predefined policy rule, wherein the policy rule comprises one or any combination of the following items: interrupting data uploading or acquisition of the vehicle, recording the event of the vehicle uploading data or the event of the vehicle downloading data, and starting a user authorization application;
if it is determined that the target IP address is a suspicious IP address, performing protection according to a predefined policy rule, wherein the policy rule comprises one or both of the following items: interrupting the data transmission of the vehicle, and recording the event of the vehicle uploading data.
Optionally, the predefined policy rules include multiple levels of policy rules and a priority corresponding to each level of policy rules.
Optionally, the plurality of collected source data includes vehicle dynamics data, map positioning data, vehicle positioning data, camera data, millimeter wave radar data, lidar data, ultrasonic radar data, or perception data derived from a vehicle chassis, wherein the perception data includes lane line identification data, lidar target data, or image target data.
In another aspect, the present invention provides a vehicle data control apparatus including:
an acquisition module, configured to acquire vehicle real-time data collected and processed by the system, wherein the vehicle real-time data comprises vehicle uploading data and vehicle downloading data, and the vehicle uploading data comprises vehicle driving data;
a determining module, configured to identify the vehicle driving data according to multiple preset identification modes and determine whether the vehicle acquired sensitive area information in the driving process; determine whether the vehicle uploading data and/or the vehicle downloading data comprise privacy data according to a preset total data dictionary; and perform risk assessment on a target IP address corresponding to the vehicle uploading data and determine whether the target IP address is a suspicious IP address;
and a processing module, configured to perform protection according to a predefined policy rule if it is determined that the vehicle acquired sensitive area information in the driving process, that the vehicle uploading data and/or the vehicle downloading data comprise privacy data, or that the target IP address is a suspicious IP address.
In another aspect, the present invention provides a control apparatus of vehicle data, comprising: at least one processor and memory; the memory stores computer-executable instructions; the at least one processor executes the computer-executable instructions stored by the memory, causing the at least one processor to perform the method of controlling vehicle data described above.
In another aspect, the present invention provides a computer-readable storage medium having stored therein computer-executable instructions that, when executed by a processor, implement the above-described control method of vehicle data.
In another aspect, the present invention provides a computer program product comprising a computer program which, when executed by a processor, implements the above-described control method of vehicle data.
According to the vehicle data control method, device, equipment and storage medium, vehicle upload data and vehicle download data collected and processed by a system are acquired, where the vehicle upload data includes vehicle driving data. The vehicle driving data is identified using multiple preset identification modes to determine whether the vehicle collected sensitive area information while driving; a preset total data dictionary is used to determine whether the vehicle upload data and the vehicle download data include privacy data; and a risk assessment is performed on the target IP address corresponding to the vehicle upload data to determine whether the target IP address is a suspicious IP address. If sensitive area information was collected, the vehicle upload data and the vehicle download data include privacy data, or the target IP address is a suspicious IP address, protection is carried out according to a predefined policy rule. This improves the real-time performance and timeliness of vehicle data control, and also its efficiency.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the invention and together with the description, serve to explain the principles of the invention.
FIG. 1 is a schematic diagram of a control system for vehicle data according to an embodiment of the present invention;
FIG. 2 is a schematic view of an application scenario of control of vehicle data according to an embodiment of the present invention;
FIG. 3 is a flow chart illustrating a method for controlling vehicle data according to an embodiment of the present invention;
FIG. 4 is a schematic flow chart illustrating another method for controlling vehicle data according to an embodiment of the present invention;
FIG. 5 is a scene schematic diagram for identifying whether sensitive area information is collected during a driving process of a vehicle according to an embodiment of the present invention;
FIG. 6 is a schematic view of another scene for identifying whether sensitive area information is collected during a driving process of a vehicle according to an embodiment of the present invention;
FIG. 7 is a schematic view of a scenario for performing protection according to policy rules according to an embodiment of the present invention;
FIG. 8 is a schematic view of another scenario for performing protection according to policy rules according to an embodiment of the present invention;
FIG. 9 is a schematic view of another scenario for performing protection according to policy rules according to an embodiment of the present invention;
FIG. 10 is a schematic view of another scenario for performing protection according to policy rules according to an embodiment of the present invention;
FIG. 11 is a schematic view of another scenario for performing protection according to policy rules according to an embodiment of the present invention;
FIG. 12 is a schematic structural diagram of a vehicle data control device according to an embodiment of the present invention;
FIG. 13 is a block diagram of a control apparatus for vehicle data according to an embodiment of the present invention.
The above figures show specific embodiments of the invention, which are described in more detail below. The drawings and the description are not intended to limit the scope of the inventive concept in any way, but rather to illustrate it to those skilled in the art with reference to specific embodiments.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present invention. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the invention, as detailed in the appended claims.
The terms to which the present invention relates will be explained first:
Intelligent Connected Vehicle Operation System (ICVOS, the intelligent networked automobile operating system): an operating system that takes the automobile as its main body, uses environment perception technology to achieve orderly and safe driving of multiple vehicles, and provides diversified information services to users by means of wireless communication networks and the like. The ICVOS consists of an environment perception layer, an intelligent decision-making layer, and a control and execution layer. Environment perception layer: camera, lidar, millimeter wave radar, night vision sensor, GPS/BDS, 4G/5G, V2X. Intelligent decision-making layer: road recognition, vehicle recognition, pedestrian recognition, traffic sign recognition, traffic signal recognition, driver fatigue recognition, decision analysis and judgment. Control and execution layer: braking and driving control, steering control, gear control, cooperative control, safety early-warning control and human-computer interaction control.
Fig. 1 is a schematic structural diagram of a vehicle data control system according to an embodiment of the present invention. The vehicle data control method of the present invention is applied to this control system, which may also be an intelligent networked automobile operating system. The control system for vehicle data includes an acquisition unit 1, a processing unit 2 and a control unit 3.
Specifically, the acquisition unit 1 is used for acquiring vehicle real-time data acquired and processed by the system, and the vehicle real-time data includes vehicle uploading data and vehicle downloading data, wherein the vehicle uploading data includes vehicle running data and is used for vehicle cloud cooperative operation or other data analysis. The system in the "acquiring real-time data of the vehicle collected and processed by the system" refers to the ICVOS.
It should be noted that, in practical applications, a plurality of monitoring points may be set in the acquisition unit 1, and the real-time data to be acquired and processed by the present invention may be obtained from the sensor data monitored by each monitoring point (e.g., from an environment perception layer camera, laser radar, millimeter wave radar, night vision sensor, etc.).
The processing unit 2 is used for identifying the vehicle driving data according to a plurality of preset identification modes and determining whether the vehicle acquires sensitive area information in the driving process; determining whether the vehicle uploading data and/or the vehicle downloading data comprise privacy data or not according to a preset total data dictionary; and carrying out risk evaluation on a target IP address corresponding to the vehicle uploading data, and determining whether the target IP address is a suspicious IP address.
The processing unit 2 is further configured to process the acquired multiple pieces of collection source data of the multiple vehicles based on a plurality of preset processing nodes to generate a total data dictionary, where the total data dictionary includes data types and attribute information corresponding to each of the data types, and the attribute information includes a source, a storage mode, a destruction term, or a security level.
In practical applications, the processing unit 2 may be provided with a plurality of sub-processing units that each handle a different task. For example, a sub-processing unit may be provided for determining the total data dictionary; this sub-processing unit in turn includes a plurality of processing nodes (e.g., each data source node, each control and forwarding node of the data stream, the perception, fusion, decision, planning and control algorithm nodes in the data stream, the non-autonomous-driving function nodes in the data stream, etc.), and these processing nodes process the acquired collection source data of the plurality of vehicles to generate the total data dictionary. As another example, a sub-processing unit may be provided for determining the data type: when the vehicle upload data and/or the vehicle download data are acquired, their source, the data they contain, what the data is used for, and other related attributes can be determined based on the total data dictionary, so that when the vehicle upload data and/or the vehicle download data are found to include identity data (e.g., identification number, phone number, bank card number, license plate number, VIN), they can be determined to include private data.
The control unit 3 is configured to perform protection according to a predefined policy rule if it is determined that the vehicle acquired sensitive area information during the driving process, that the vehicle upload data and/or the vehicle download data include private data, or that the target IP address is a suspicious IP address.
It should be noted that the control unit 3 includes a total data dictionary, a predefined policy rule, a threat reputation library, a sensitive geographic location library, and the like, and the control unit 3 can realize the judgment of the target IP address, the judgment of the vehicle driving to the sensitive area, and the like through these configuration components, and after the effective judgment, perform protection according to the predefined policy rule.
As can be seen from the above description, the ICVOS has a plurality of functions, including sign recognition, control-and-execution-layer braking and driving control, and safety early-warning control, and the present invention can implement the above scheme based on these functions. For example, based on the recognition function of the ICVOS, it can be identified whether the vehicle captured the special mark of a sensitive area while driving, to determine whether the vehicle acquired sensitive area information. Based on the braking and driving control function of the control and execution layer, when the vehicle is found to have acquired sensitive area information while driving, protection can be performed by blurring (desensitizing) the image data of the vehicle's cameras, interrupting data collection or uploading by the vehicle, sending a parking instruction, and the like.
The following describes an application scenario of vehicle data control and the workflow by which an intelligent networked automobile operating system controls vehicle data:
As shown in Fig. 2, the application scenario of the control of the vehicle data includes a vehicle 21, a cloud 22, and an intelligent networked automobile operating system 23. The vehicle 21 is only an example; in practical applications, a plurality of vehicles in the intelligent connected network execute the vehicle data control workflow of the present invention.
In this scenario, the vehicle 21 uploads data to the cloud 22, downloads data from the cloud 22, or uploads data to the intelligent networked automobile operating system 23. The cloud 22 receives data uploaded by the vehicle 21 or provides the vehicle 21 with the download data it requires. The intelligent networked automobile operating system 23 acquires the collected and processed vehicle real-time data, which comprises vehicle upload data and vehicle download data; the vehicle upload data comprises vehicle driving data, and comprises data uploaded by the vehicle 21 to the cloud 22 and/or data uploaded by the vehicle 21 to the intelligent networked automobile operating system 23.
Based on this scenario, the intelligent networked automobile operating system 23 can identify the vehicle driving data according to multiple preset identification modes to determine whether the vehicle acquired sensitive area information while driving, determine whether the vehicle upload data and/or the vehicle download data include private data according to a preset total data dictionary, and perform risk assessment on the target IP address corresponding to the vehicle upload data to determine whether the target IP address is a suspicious IP address. If it is determined that the vehicle acquired sensitive area information while driving, that the vehicle upload data and/or the vehicle download data include private data, or that the target IP address is a suspicious IP address, protection is performed according to a predefined policy rule.
Through the system, the problems of poor real-time performance and poor timeliness of vehicle data processing in the prior art can be solved, and meanwhile, the real-time performance and timeliness of vehicle data control are improved, and further the processing efficiency of the vehicle data control is improved.
The technical solution of the present invention will be described in detail below with specific examples. The following several specific embodiments may be combined with each other, and details of the same or similar concepts or processes may not be repeated in some embodiments. Embodiments of the present invention will be described below with reference to the accompanying drawings.
Fig. 3 is a flowchart illustrating a method for controlling vehicle data according to an embodiment of the present invention, where the method of the present embodiment may be executed by a client. As shown in fig. 3, the method of this embodiment may include:
S101, acquiring vehicle real-time data collected and processed by a system, wherein the vehicle real-time data comprises vehicle uploading data and vehicle downloading data, and the vehicle uploading data comprises vehicle driving data.
In this step, the real-time data includes user data and intelligent cockpit data in addition to vehicle upload data and vehicle download data. The system refers to the ICVOS.
In the embodiment of the invention, the ICVOS can acquire real-time data of a plurality of vehicles by monitoring a sensor group (such as an environment perception layer camera, a laser radar, a millimeter wave radar, a night vision sensor, GPS/BDS, 4G/5G and V2X) through a plurality of monitoring points. Specifically, the data collected and processed by the ICVOS may include: various collection source data, vehicle dynamics data from a vehicle chassis, map data, vehicle positioning data, camera data, millimeter wave radar data, laser radar data, ultrasonic radar data, perception data (lane line identification, laser radar targets, image targets, and the like), data of processing nodes, driving interaction control data from a cabin, infotainment data, interaction data with a road end cloud, and the like. The format of the data includes numbers (including binary), text, sound, or images.
S102, identifying the vehicle driving data according to multiple preset identification modes, and determining whether the vehicle acquired sensitive area information during the driving process.
In this step, the identification mode may include judgment based on the sensitive region information base, identification based on the vehicle target perception algorithm, or combined identification based on the surrounding image information and the vehicle target perception algorithm, and may include other identification modes, for example, a mode of matching rules by using a plurality of different data sources.
In the embodiment of the invention, a plurality of preset identification modes can be set according to requirements, and the purpose of identifying the vehicle driving data through the plurality of preset identification modes is to identify whether the vehicle acquires sensitive area information in the driving process through the identification modes so as to ensure the accuracy and robustness of the identification result.
S103, determining whether the vehicle uploading data and/or the vehicle downloading data comprise privacy data or not according to a preset total data dictionary.
In this step, the acquired multiple pieces of collection source data of the multiple vehicles may be processed based on a plurality of preset processing nodes to generate a total data dictionary, where the total data dictionary includes data types and attribute information corresponding to each of the data types, and the attribute information includes a source, a storage mode, a destruction term, or a security level.
In the embodiment of the invention, the preset total data dictionary identifies the data source, data type, data usage and other related attribute information (such as storage mode, destruction term or security level) of each item of acquired vehicle real-time data (the vehicle upload data and/or the vehicle download data). That is, the total data dictionary can be understood as a data dictionary: after the system acquires an item of data, it can learn the related information of that data by consulting the dictionary. For example, once the total data dictionary has been established, when vehicle driving data is acquired, a query of the total data dictionary can return attribute information such as: the data type is vehicle positioning, the data source is a vehicle chassis sensor, the data users are ACC, HWA, LKS and NGP, the storage mode is local cache, the destruction term is one hour, and the security level is S3. When a navigation target address is acquired, a query of the total data dictionary returns attribute information such as: the data type is address, the data source is vehicle cabin user input, the data user is NGP, the storage mode is local hard disk, the destruction term is two weeks, and the security level is S2.
It should be noted that the total data dictionary is generated by processing the acquired multiple pieces of collection source data of multiple vehicles according to a plurality of preset processing nodes. The collection source data here may be historically collected vehicle data, i.e. static data, whereas the vehicle upload data and/or the vehicle download data in step S103 are real-time vehicle data, i.e. dynamic data; the two are different. In practical applications, after the real-time vehicle data is obtained, it is subsequently used as static data to continue training the total data dictionary based on usage feedback from the user, which improves the accuracy of the total data dictionary in data recognition.
S104, performing risk assessment on the target IP address corresponding to the vehicle upload data, and determining whether the target IP address is a suspicious IP address.
In this step, the target IP address refers to the upload destination of the vehicle upload data.
In the embodiment of the invention, risk assessment can be performed on the target IP address by an IP address reverse query or by matching against a preset threat attack reputation library, so as to determine whether the target IP address is a suspicious IP address. For example, when an IP address reverse query shows the target IP address to be a foreign IP address, the target IP address is considered a suspicious IP address, so that the protective measures of the subsequent steps prevent the vehicle upload data from being leaked abroad and data security is ensured.
S105, if it is determined that the vehicle collects sensitive area information during driving, that the vehicle upload data and/or the vehicle download data include privacy data, or that the target IP address is a suspicious IP address, performing protection according to a predefined policy rule.
In this step, the predefined policy rules may be set as required. For example, protective measures may be set separately for each of the three situations above, and the protective measures in the predefined policy rules differ among the three situations.
In the embodiment of the invention, for example, when it is determined that the vehicle collects sensitive area information during driving, the measures may include monitoring data collection and use activity through logs, blurring and desensitizing data such as images, interrupting data collection or uploading, or even stopping the vehicle. When the target IP address is determined to be a suspicious IP address, data transmission is interrupted, and there is no need to stop the vehicle or to blur and desensitize data such as images.
In the vehicle data control method provided by this embodiment of the invention, vehicle upload data and vehicle download data collected and processed by a system are obtained, the vehicle upload data including vehicle driving data; the vehicle driving data is identified according to multiple preset identification modes to determine whether the vehicle collects sensitive area information during driving; whether the vehicle upload data and the vehicle download data include privacy data is determined according to a preset total data dictionary; risk assessment is performed on the target IP address corresponding to the vehicle upload data to determine whether it is a suspicious IP address; and if sensitive area information is collected, the vehicle upload data and the vehicle download data include privacy data, or the target IP address is a suspicious IP address, protection is performed according to a predefined policy rule. This improves the real-time performance and timeliness of vehicle data control and, at the same time, its efficiency.
Fig. 4 is a schematic flowchart of a method for controlling vehicle data according to an embodiment of the present invention, and as shown in fig. 4, the method according to the embodiment may include:
S201, obtaining vehicle real-time data collected and processed by a system, where the vehicle real-time data includes vehicle upload data and vehicle download data, and the vehicle upload data includes vehicle driving data.
In the embodiment of the present invention, this step may be performed as described for step S101.
S202, identifying the vehicle running data according to multiple preset identification modes, and determining whether sensitive area information is collected during the running process of the vehicle.
In this step, the identification modes may include judgment based on the sensitive area information base, identification based on the vehicle target perception algorithm, or combined identification based on the surrounding image information and the vehicle target perception algorithm. Other identification modes may also be included, for example, rule matching across a plurality of different data sources.
In this embodiment of the present invention, step S202 may include the following implementation scenarios:
In one implementation scenario, step S202 may include: determining a route position and a current position of the vehicle from the vehicle driving data; determining, based on the acquired sensitive area information base, whether the place corresponding to the route position or the current position is the same as a sensitive place in the sensitive area information base; and if so, determining that the vehicle collects sensitive area information during driving.
In this scenario, the preset sensitive area information base includes a plurality of sensitive places, and whether the vehicle collects sensitive area information during driving can be determined by judging whether the place corresponding to the route position or the current position is the same as a sensitive place in the sensitive area information base. Specifically, if the place is the same as a sensitive place in the sensitive area information base, the vehicle collects sensitive area information during driving and the protective measures of the subsequent steps need to be executed; if the place differs from every sensitive place in the sensitive area information base, the vehicle does not collect sensitive area information during driving and the protective measures of the subsequent steps need not be executed.
In another implementation scenario, step S202 may include: judging whether a special mark of a sensitive area is identified in the driving process of the vehicle or not through a vehicle target perception algorithm; and if the special mark of the sensitive area is identified in the driving process of the vehicle, determining that the sensitive area information is acquired in the driving process of the vehicle.
In this scenario, for example, as shown in fig. 5, there are usually prohibition signs around the entrance of a sensitive area, such as "military forbidden zone, entry forbidden". Based on its vehicle control function, the ICVOS starts the target perception algorithm of vehicle A and identifies the forbidden sign B; it then determines that vehicle A collects sensitive area information during driving and that the protective measures of the subsequent steps need to be executed.
It should be noted that the vehicle target perception algorithm of the present invention differs from existing vehicle target perception algorithms, which can only identify lane lines, traffic signs, pedestrians, obstacles and the like for the automatic driving function.
In another implementation scenario, step S202 may include: acquiring peripheral image information of the vehicle; judging whether a special mark of a sensitive area is identified in the driving process of the vehicle or not through a vehicle target perception algorithm and the surrounding image information; and if the special mark of the sensitive area is identified in the driving process of the vehicle, determining that the sensitive area information is acquired in the driving process of the vehicle.
In this scenario, various environmental constraints (for example, part of a special mark being blocked) may prevent the vehicle target perception algorithm from reliably identifying the special mark of the sensitive area. However, the surrounding image information provides other target information around the vehicle (such as lanes, special targets and traffic restrictions), and after correlation analysis the vehicle may still be judged to have entered a sensitive area. For example, as shown in fig. 6, because the forbidden sign B (part of the special mark of the sensitive area) is blocked by the obstacle C, the vehicle target perception algorithm alone may be unable to perceive whether the area is a sensitive area. The ICVOS therefore, based on its vehicle control function, starts the camera function of vehicle A to capture an image of the surrounding environment, and determines comprehensively, from the surrounding environment image and the perception result of the vehicle target perception algorithm, that the vehicle collects sensitive area information during driving. In this scenario, for instance, the surrounding environment image captured after the camera function of vehicle A is started includes the guideboard "D way". Combining the surrounding image information (vehicle A is currently on D way), the perception result of the vehicle target perception algorithm (for example, an intersection appears ahead on the left of vehicle A) and the information that the intersection of D way has the forbidden sign B, comprehensive analysis determines that vehicle A has recognized the special mark of the sensitive area during driving, and therefore that vehicle A collects sensitive area information during driving.
It should be noted that the surrounding image information of the vehicle may be obtained by the ICVOS controlling the vehicle to take pictures when the vehicle target perception algorithm cannot perceive normally, or may be carried along when the vehicle uploads its vehicle driving data, which improves the real-time performance and timeliness of determining whether the vehicle recognizes the special mark of the sensitive area during driving.
S203, processing the acquired multiple acquisition source data of the multiple vehicles based on the preset multiple processing nodes to generate a total data dictionary, wherein the total data dictionary comprises data types and attribute information corresponding to each data type, and the attribute information comprises sources, storage modes, destruction time limits or security levels.
In this step, the multiple pieces of collection source data include vehicle dynamics data derived from a vehicle chassis, map positioning data, vehicle positioning data, camera data, millimeter wave radar data, lidar data, ultrasonic radar data, or perception data, where the perception data includes lane line identification data, lidar target data, or image target data.
In the embodiment of the present invention, the purpose of generating the total data dictionary is to identify the data source, data type, data usage and other related attribute information (for example, storage mode, destruction term or security level) of each item of acquired vehicle real-time data (the vehicle upload data and/or the vehicle download data). That is, the total data dictionary may be understood as a data dictionary: after the system acquires an item of data, it consults the dictionary to learn the related information of that data, so that when new data or real-time data is acquired later, its related information can be determined based on the total data dictionary.
S204, determining whether the vehicle uploading data and/or the vehicle downloading data comprise privacy data or not according to a preset total data dictionary.
In this step, the privacy data may be identity data. For example, the identity data may include an identification number, a telephone number, a bank card number, a license plate number, a VIN, and the like. In addition, the privacy data may also be confidential data and the like, which is not limited in the embodiment of the present invention.
In the embodiment of the present invention, as an alternative, taking the example that the privacy data includes the identity data, step S204 may specifically include:
S2041, determining the data type of the vehicle uploading data and/or the vehicle downloading data and corresponding attribute information based on the total data dictionary.
S2042, when the data type of the vehicle uploading data and/or the vehicle downloading data comprises identity data and the security level corresponding to the identity data is greater than a preset security level, determining that the vehicle uploading data and/or the vehicle downloading data comprises privacy data.
In this step, for example, when it is detected through the total data dictionary that the vehicle upload data includes an identification number, a telephone number, a bank card number, or a license plate number, and the total data dictionary sets a security level of 3 for these data (for example, the preset security level is level 1), the vehicle upload data and/or the vehicle download data are considered to include privacy data.
It should be noted that the case where the data type to which the vehicle upload data and/or the vehicle download data belong includes identity data and the security level corresponding to the identity data is greater than a preset security level is merely an example. Other manners may also be used to determine whether the vehicle upload data and/or the vehicle download data include privacy data, which is not limited in the embodiment of the present invention.
S205, performing risk assessment on the target IP address corresponding to the vehicle uploading data, and determining whether the target IP address is a suspicious IP address.
In this step, the target IP address refers to an object to which the vehicle uploads data. For example, when the vehicle uploads data to an IP address in the cloud, the IP address is the target IP address.
In this embodiment of the present invention, step S205 may include the following implementation scenarios:
In one implementation scenario, step S205 may include: performing risk assessment on the target IP address corresponding to the vehicle upload data according to a preset threat attack reputation library, and determining whether the target IP address is a suspicious IP address.
The process of "performing risk assessment on the target IP address corresponding to the vehicle upload data" may include: judging whether the target IP address is the same as a suspicious IP address in the preset threat attack reputation library; and if so, determining that the target IP address is a suspicious IP address.
In this scenario, the preset threat attack reputation library includes a plurality of suspicious IP addresses. When the target IP address is the same as a suspicious IP address in the preset threat attack reputation library, the target IP address is determined to be a suspicious IP address and the subsequent protective measures need to be executed; if the target IP address differs from every suspicious IP address in the preset threat attack reputation library, the target IP address is determined not to be a suspicious IP address, and detection of the vehicle's upload destinations continues. In the embodiment of the invention, the purpose of judging whether the target IP address is a suspicious IP address is to ensure data security and to avoid property safety problems caused by the leakage of vehicle data.
It should be noted that directly judging whether the target IP address is the same as a suspicious IP address in the preset threat attack reputation library is only an example. Whether the target IP address is a suspicious IP address may also be determined by checking IP segments or the like, which is not limited in the embodiment of the present invention. For example, taking a foreign IP address as a suspicious IP address: a Chinese IP segment list is acquired, IP segments outside the Chinese IP segment list are treated as foreign IP segments, and based on the Chinese IP segments and the foreign IP segments it is determined whether the target IP address is a foreign IP address, and thereby whether it is a suspicious IP address.
In another implementation scenario, step S205 may include: determining whether the target IP address is a suspicious IP address by means of an IP address reverse query.
In this scenario, for example, taking a foreign IP address as a suspicious IP address, when an IP address reverse query shows the target IP address to be a foreign IP address, the target IP address is considered a suspicious IP address, so that the protective measures of the subsequent steps prevent the vehicle upload data from being leaked abroad and data security is ensured.
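The two list-based checks of step S205 (exact match against the reputation library, then the IP segment check) can be sketched as follows. This is an added example, not code from the patent: the class and function names are hypothetical, the addresses are constructed from documentation ranges, and treating an unparseable target as suspicious is an assumption. The reverse-query variant needs a network lookup and is not shown.

```python
import ipaddress

# Constructed sample data taken from documentation address ranges.
# Neither list is real threat intelligence or a real national segment list.
REPUTATION_LIBRARY = ["203.0.113.45", "198.51.100.7", "192.0.2.66"]
DOMESTIC_SEGMENTS = ["192.0.2.0/24", "2001:db8:1::/48"]


class TargetIpAssessor:
    """Risk assessment of an upload target (hypothetical class name)."""

    def __init__(self, reputation_library, domestic_segments):
        # Parse once so that comparisons are on address objects, not on
        # strings ("192.0.2.010" and "192.0.2.10" must not be compared as text).
        self._listed = {ipaddress.ip_address(a) for a in reputation_library}
        self._domestic = [ipaddress.ip_network(s) for s in domestic_segments]

    def assess(self, target):
        """Return (suspicious, reason) for one target IP address string."""
        try:
            addr = ipaddress.ip_address(str(target).strip())
        except ValueError:
            # Assumption: a target that cannot be parsed is treated as
            # suspicious rather than allowed through.
            return True, "unparseable"
        # An IPv4-mapped IPv6 address (::ffff:a.b.c.d) reaches the same host
        # as a.b.c.d, so normalise it before matching either list.
        if addr.version == 6 and addr.ipv4_mapped is not None:
            addr = addr.ipv4_mapped
        # Check 1: same as a suspicious address in the reputation library.
        if addr in self._listed:
            return True, "reputation-match"
        # Check 2: any address outside the listed segments is suspicious.
        if not any(addr in net for net in self._domestic):
            return True, "outside-domestic-segments"
        return False, "ok"


def handle_upload(assessor, target, event_log):
    """Interrupt the transfer and record the event for a suspicious target.

    Returns True when the upload may proceed, False when it is interrupted.
    """
    suspicious, reason = assessor.assess(target)
    if suspicious:
        event_log.append({"target": str(target), "reason": reason,
                          "action": "interrupt_transmission"})
        return False
    return True


if __name__ == "__main__":
    assessor = TargetIpAssessor(REPUTATION_LIBRARY, DOMESTIC_SEGMENTS)
    log = []
    for ip in ["192.0.2.10", "203.0.113.45", "::ffff:198.51.100.7", "bad"]:
        print(ip, handle_upload(assessor, ip, log))
    print(log)
```

The reputation check runs first, so a listed address is reported as such even when it lies inside an allowed segment (192.0.2.66 in the sample data).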
S206, if it is determined that the vehicle collects sensitive area information during driving, that the vehicle upload data and/or the vehicle download data include privacy data, or that the target IP address is a suspicious IP address, performing protection according to a predefined policy rule.
In this step, the predefined policy rules include multiple levels of policy rules and a priority corresponding to each level. For example, the multi-level policy rules include a factory default policy rule, a user set policy rule, and a government defined policy rule, where the priority of the factory default policy rule < the priority of the user set policy rule < the priority of the government defined policy rule. Specifically, for vehicle real-time data, the factory default policy rule may allow the vehicle real-time data to be uploaded to the cloud for enhancement of the vehicle target perception algorithm or to be shared with third parties (for advertising). The policy rule set by the user, however, may allow vehicle real-time data to be used only for enhancement of the vehicle perception algorithm and not for third party sharing (e.g., the user may block the use of vehicle real-time data for advertising by customizing the policy). A government defined policy rule may dictate that uploading of all vehicle real-time data must be prohibited when the vehicle is in certain sensitive areas. Other levels of policy rules may also be included.
It should be noted that the purpose of setting the multi-level policy rules and the priority corresponding to each level is to protect against the sensitive behavior of the vehicle (the vehicle collects sensitive area information during driving, the vehicle upload data and/or the vehicle download data include privacy data, or the target IP address of the vehicle upload data is a suspicious IP address) based on the scenario in which the vehicle is located and the highest-level policy rule in that scenario, so that the accuracy and robustness of data protection can be ensured.
In the embodiment of the present invention, step S206 may include the following implementation scenarios:
In one implementation scenario, step S206 may include: if it is determined that the vehicle collects sensitive area information during driving, performing protection according to a predefined policy rule, where the policy rule includes one or any combination of the following items: monitoring data collection and use activity through logs, blurring and desensitizing the image data of the vehicle's camera, interrupting data collection or uploading of the vehicle, and sending a parking instruction.
In this scenario, for example, the vehicle collects sensitive area information during driving, but that information is a national secret and may not be collected, so blurring and desensitizing the image data of the vehicle's camera prevents the sensitive area information from being collected; if the vehicle is allowed to run into the sensitive area, the vehicle can be controlled to stop entering the sensitive area by sending a parking instruction, which further ensures the security of the information in the sensitive area.
For example, as shown in fig. 7, when the system 23 determines from the vehicle driving data sent by the vehicle 21 that the vehicle collects sensitive area information during driving, it blurs and desensitizes the image data of the vehicle's camera, interrupts data collection or uploading of the vehicle, or sends a parking instruction to the vehicle.
In another implementation scenario, step S206 may include: if the vehicle uploading data and/or the vehicle downloading data are judged to comprise private data, protection is carried out according to a predefined policy rule, wherein the policy rule comprises one or any combination of the following items: interrupting the data uploading or collection of the vehicle, recording the data uploading event of the vehicle or the data downloading event of the vehicle, and starting a user authorization application.
In this scenario, for example, because the vehicle download data (for example, the download of a certain vehicle-mounted APP) requires collecting the user's call permission or positioning information, the user authorization application needs to be started to ensure that the vehicle real-time data is collected with the user's knowledge (even if the vehicle download data is used for a normal service, use authorization must be obtained from the user in advance, informing the user of what data is destroyed, the purpose of use, how it is stored, the time limit, and the like). At the same time, the vehicle download data event needs to be recorded in the log so that it can be traced later.
For example, as shown in fig. 8, when the system 23 determines from the vehicle upload data sent by the vehicle 21 that the vehicle upload data and/or the vehicle download data include private data, the system 23 interrupts the vehicle data upload and records the event of the vehicle upload data.
For example, as shown in fig. 9, when the vehicle 21 sends vehicle upload data to the cloud 22 and the system 23 captures that the vehicle upload data includes private data, the system 23 interrupts the data upload of the vehicle and records an event of the vehicle upload data.
For example, as shown in fig. 10, when the vehicle 21 acquires the vehicle download data from the cloud 22 and the system 23 captures that the vehicle download data includes private data, the system 23 interrupts data acquisition of the vehicle, records an event of the vehicle download data, and initiates a user authorization application.
In another implementation scenario, step S206 may include: if the target IP address is judged to be a suspicious IP address, performing protection according to a predefined policy rule, where the policy rule includes one or a combination of the following two items: interrupting the data transmission of the vehicle, and recording the vehicle data upload event.
In this scenario, interrupting the data transmission of the vehicle may include interrupting the data upload of the vehicle or interrupting the data collection of the vehicle. For example, when a vehicle application attempts to upload vehicle real-time data related to private data to an IP address in the cloud, and the system finds through an IP address reverse query that the IP address is located abroad, the system interrupts this data transmission according to the predefined policy rule and records the event in the log for subsequent tracing. The private data may include addresses, telephone numbers, credit cards, consumption preferences, and the like (if stolen, the private data may be used for various criminal activities, which causes loss to the property of a user and the security of the user), so the above scheme can ensure the property security and the information security of the user.
For example, as shown in fig. 11, when the vehicle 21 sends vehicle upload data to a certain IP address (target IP address) in the cloud 22 and the system 23 captures that the target IP address is a suspicious IP address, the system 23 interrupts data transmission of the vehicle and records an event of the vehicle upload data.
In the embodiment of the invention, different sensitive behaviors during driving (the vehicle collects sensitive area information, the vehicle upload data and/or the vehicle download data include privacy data, or the target IP address of the vehicle upload data is a suspicious IP address) are protected against according to different policy rules, so that the security of the vehicle data and of sensitive area information can be ensured.
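The decision path from step S204 (dictionary lookup and privacy determination) to step S206 (multi-level policy rules, highest priority wins) can be sketched as follows. This is an added example, not code from the patent: the field names, rule contents and action names are hypothetical, the dictionary entries are constructed from the attribute examples given in the description, and the sensitive-area and suspicious-IP determinations are passed in as inputs.

```python
from dataclasses import dataclass
from enum import IntEnum


class Level(IntEnum):
    # Priority order from the description: factory < user < government.
    FACTORY = 1
    USER = 2
    GOVERNMENT = 3


@dataclass(frozen=True)
class DictEntry:
    data_type: str
    source: str
    storage: str
    destruction_term: str
    security_level: int
    identity: bool = False


# Constructed entries; the keys (payload field names) are assumptions.
TOTAL_DATA_DICTIONARY = {
    "vehicle_positioning": DictEntry(
        "vehicle positioning", "vehicle chassis sensor", "local cache", "one hour", 3),
    "navigation_target_address": DictEntry(
        "address", "vehicle cabin user input", "local hard disk", "two weeks", 2),
    "telephone_number": DictEntry(
        "identity", "vehicle cabin user input", "local hard disk", "two weeks", 3, True),
    "license_plate_number": DictEntry(
        "identity", "camera", "local cache", "one hour", 3, True),
}
PRESET_SECURITY_LEVEL = 1


@dataclass(frozen=True)
class PolicyRule:
    level: Level
    trigger: str      # "sensitive_area", "privacy_data" or "suspicious_ip"
    actions: tuple


# Constructed rule base with several levels competing for the same trigger.
POLICY_RULES = [
    PolicyRule(Level.FACTORY, "sensitive_area", ("log_monitoring",)),
    PolicyRule(Level.GOVERNMENT, "sensitive_area",
               ("blur_camera_images", "interrupt_upload", "send_parking_instruction")),
    PolicyRule(Level.FACTORY, "privacy_data", ("record_event",)),
    PolicyRule(Level.USER, "privacy_data",
               ("interrupt_upload", "record_event", "start_user_authorization")),
    PolicyRule(Level.FACTORY, "suspicious_ip",
               ("interrupt_transmission", "record_event")),
]


def privacy_fields(payload, dictionary=TOTAL_DATA_DICTIONARY,
                   preset=PRESET_SECURITY_LEVEL):
    """S2041/S2042: fields whose type is identity data above the preset level."""
    hits = []
    for name in payload:
        entry = dictionary.get(name)
        if entry and entry.identity and entry.security_level > preset:
            hits.append(name)
    return sorted(hits)


def resolve(trigger, rules=POLICY_RULES):
    """Pick the highest-level rule defined for this trigger, or None."""
    candidates = [r for r in rules if r.trigger == trigger]
    return max(candidates, key=lambda r: r.level) if candidates else None


def protect(payload, in_sensitive_area, target_ip_suspicious, rules=POLICY_RULES):
    """S206: return ({trigger: level applied}, ordered list of actions)."""
    triggers = []
    if in_sensitive_area:
        triggers.append("sensitive_area")
    if privacy_fields(payload):
        triggers.append("privacy_data")
    if target_ip_suspicious:
        triggers.append("suspicious_ip")
    applied, actions = {}, []
    for trigger in triggers:
        rule = resolve(trigger, rules)
        if rule is None:
            continue
        applied[trigger] = rule.level.name
        for action in rule.actions:
            if action not in actions:   # keep each action once, in order
                actions.append(action)
    return applied, actions


if __name__ == "__main__":
    upload = {"telephone_number": "constructed-value", "vehicle_positioning": (0.0, 0.0)}
    print(protect(upload, in_sensitive_area=False, target_ip_suspicious=True))
```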
In the vehicle data control method provided by this embodiment of the invention, vehicle upload data and vehicle download data collected and processed by a system are obtained, the vehicle upload data including vehicle driving data; the vehicle driving data is identified according to multiple preset identification modes to determine whether the vehicle collects sensitive area information during driving; whether the vehicle upload data and the vehicle download data include privacy data is determined according to a preset total data dictionary; risk assessment is performed on the target IP address corresponding to the vehicle upload data to determine whether it is a suspicious IP address; and if sensitive area information is collected, the vehicle upload data and the vehicle download data include privacy data, or the target IP address is a suspicious IP address, protection is performed according to a predefined policy rule. This improves the real-time performance and timeliness of vehicle data control and, at the same time, its efficiency. In the invention, strongly coupling the vehicle data processing flow to the total data dictionary and the policy rule base ensures visibility of the overall data format and the ability to summarize data.
Fig. 12 is a schematic structural diagram of a vehicle data control device according to an embodiment of the present invention, and as shown in fig. 12, the vehicle data control device 10 includes:
the acquisition module 11 is configured to acquire vehicle real-time data acquired and processed by a system, where the vehicle real-time data includes vehicle upload data and vehicle download data, and the vehicle upload data includes vehicle driving data;
the determining module 12 is configured to identify the vehicle driving data according to multiple preset identification modes, and determine whether sensitive area information is acquired during driving of the vehicle; determining whether the vehicle uploading data and/or the vehicle downloading data comprise privacy data or not according to a preset total data dictionary; performing risk assessment on a target IP address corresponding to the vehicle uploading data, and determining whether the target IP address is a suspicious IP address;
and the processing module 13 is configured to perform protection according to a predefined policy rule if it is determined that the vehicle collects sensitive area information during driving, that the vehicle upload data and/or the vehicle download data include privacy data, or that the target IP address is a suspicious IP address.
Optionally, in an embodiment of the present invention, the determining module 12 of the apparatus is specifically configured to determine the route position and the current position of the vehicle from the vehicle driving data; determining whether a place corresponding to the path position or the current position is the same as a sensitive place in the sensitive area information base or not based on the acquired sensitive area information base; and if the position corresponding to the path position or the current position is judged to be the same as the sensitive position in the sensitive area information base, determining that the vehicle acquires the sensitive area information in the driving process.
Optionally, in an embodiment of the present invention, the determining module 12 of the apparatus is specifically configured to determine, through a vehicle target sensing algorithm, whether the vehicle recognizes a special mark of the sensitive area during the driving process; and if the special mark of the sensitive area is identified in the driving process of the vehicle, determining that the sensitive area information is acquired in the driving process of the vehicle.
Optionally, in the embodiment of the present invention, the determining module 12 of the apparatus is specifically configured to determine, through a vehicle target perception algorithm and the surrounding image information, whether the vehicle recognizes a special mark of the sensitive area during the driving process; and if the special mark of the sensitive area is identified in the driving process of the vehicle, determining that the sensitive area information is acquired in the driving process of the vehicle.
Optionally, in an embodiment of the present invention, the apparatus further includes a generation module 14.
The generation module 14 is configured to process the acquired multiple pieces of collection source data of the multiple vehicles based on a plurality of preset processing nodes to generate a total data dictionary, where the total data dictionary includes data types and attribute information corresponding to each data type, and the attribute information includes a source, a storage mode, a destruction term, or a security level.
Optionally, in this embodiment of the present invention, the determining module 12 of the apparatus is specifically configured to determine, based on the total data dictionary, a data type and corresponding attribute information to which the vehicle upload data and/or the vehicle download data belong; and when the data type to which the vehicle uploading data and/or the vehicle downloading data belong comprises identity data and the security level corresponding to the identity data is greater than a preset security level, determining that the vehicle uploading data and/or the vehicle downloading data comprise privacy data.
Optionally, in the embodiment of the present invention, the determining module 12 of the apparatus is specifically configured to perform risk assessment on a target IP address corresponding to the vehicle upload data according to a preset threat attack reputation library, and determine whether the target IP address is a suspicious IP address; or, determining whether the target IP address is a suspicious IP address or not in an IP address reverse query mode. Wherein, the performing risk assessment on the target IP address corresponding to the vehicle uploading data according to a preset threat attack reputation base and determining whether the target IP address is a suspicious IP address comprises: judging whether the target IP address is the same as a suspicious IP address in a preset threat attack credit database or not; and if the target IP address is judged to be the same as the suspicious IP address in the preset threat attack credit database, determining the target IP address as the suspicious IP address.
Optionally, in the embodiment of the present invention, if it is determined that the vehicle acquires the sensitive area information during the driving process, the processing module 13 of the apparatus is specifically configured to perform protection according to a predefined policy rule, where the policy rule includes one or a combination of any two of the following items: monitoring data collection and use activities through logs, blurring (desensitizing) image data from the camera of the vehicle, interrupting data acquisition or uploading of the vehicle, and sending a parking instruction;
if it is determined that the vehicle upload data and/or the vehicle download data include private data, the processing module 13 is specifically configured to perform protection according to a predefined policy rule, where the policy rule includes one or a combination of any two of the following items: interrupting data uploading or acquisition of the vehicle, recording an event of data uploading of the vehicle or an event of data downloading of the vehicle, and starting a user authorization application;
if the target IP address is determined to be a suspicious IP address, the processing module 13 is specifically configured to perform protection according to a predefined policy rule, where the policy rule includes one or a combination of any two of the following items: interrupting the data transmission of the vehicle, and recording the event of the vehicle uploading data.
Optionally, in this embodiment of the present invention, the predefined policy rules include multiple levels of policy rules and priorities corresponding to the policy rules of each level.
Optionally, in an embodiment of the present invention, the multiple collected source data includes vehicle dynamics data, map positioning data, vehicle positioning data, camera data, millimeter wave radar data, lidar data, ultrasonic radar data, or perception data derived from a vehicle chassis, where the perception data includes lane line identification data, lidar target data, or image target data.
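The determining module's three checks and the processing module's prioritized policy rules, described above, can be exercised together. The following Python is an added example, not code from the patent. The place identifiers, dictionary entries, action names and IP addresses (taken from documentation ranges) are constructed, and three choices are assumptions of this example: a lower priority number is applied first, IPv4-mapped IPv6 addresses are normalized before the reputation lookup, and an unparsable address is treated as suspicious.

```python
import ipaddress

# --- Constructed sample configuration (assumptions, not from the patent) ---
SENSITIVE_AREA_BASE = {"restricted-site-A", "restricted-site-B"}  # sensitive places
TOTAL_DATA_DICTIONARY = {
    # data type -> attribute information: source, storage mode,
    # destruction term (days), security level
    "identity": {"source": "cockpit", "storage": "encrypted",
                 "destroy_days": 30, "security_level": 4},
    "camera": {"source": "front-camera", "storage": "encrypted",
               "destroy_days": 7, "security_level": 3},
    "vehicle_dynamics": {"source": "chassis", "storage": "plain",
                         "destroy_days": 90, "security_level": 1},
}
PRESET_SECURITY_LEVEL = 2
THREAT_REPUTATION_BASE = {ipaddress.ip_address("203.0.113.7")}

# finding -> [(priority, action)]; lower number is applied first (assumption)
POLICY_RULES = {
    "sensitive_area": [(1, "interrupt_collection_or_upload"),
                       (2, "blur_camera_images"),
                       (3, "log_collection_activity")],
    "privacy_data": [(1, "interrupt_collection_or_upload"),
                     (2, "start_user_authorization"),
                     (3, "record_transfer_event")],
    "suspicious_ip": [(1, "interrupt_transmission"),
                      (2, "record_transfer_event")],
}


def normalize_ip(text):
    """Canonical address object, or None if the text is not an IP address."""
    try:
        addr = ipaddress.ip_address(text.strip())
    except ValueError:
        return None
    # "::ffff:203.0.113.7" and "203.0.113.7" name the same host; a plain
    # string comparison against the reputation base would miss the first form.
    mapped = getattr(addr, "ipv4_mapped", None)
    return mapped if mapped is not None else addr


def collects_sensitive_area(driving_data):
    """Route places or the current place match the sensitive area base."""
    places = set(driving_data["route_places"]) | {driving_data["current_place"]}
    return bool(places & SENSITIVE_AREA_BASE)


def contains_privacy_data(records):
    """Identity data whose security level exceeds the preset level."""
    for rec in records:
        attrs = TOTAL_DATA_DICTIONARY.get(rec["data_type"])
        if (attrs is not None and rec["data_type"] == "identity"
                and attrs["security_level"] > PRESET_SECURITY_LEVEL):
            return True
    return False


def is_suspicious_ip(target_ip):
    """Reputation-base match; unparsable input fails closed (assumption)."""
    addr = normalize_ip(target_ip)
    return addr is None or addr in THREAT_REPUTATION_BASE


def evaluate(realtime):
    """Determining module: list of findings for one batch of real-time data."""
    upload, download = realtime["upload"], realtime["download"]
    findings = []
    if collects_sensitive_area(upload["driving_data"]):
        findings.append("sensitive_area")
    if contains_privacy_data(upload["records"] + download["records"]):
        findings.append("privacy_data")
    if is_suspicious_ip(upload["target_ip"]):
        findings.append("suspicious_ip")
    return findings


def protect(findings):
    """Processing module: de-duplicated actions, highest priority first."""
    best = {}
    for finding in findings:
        for priority, action in POLICY_RULES[finding]:
            best[action] = min(priority, best.get(action, priority))
    return [a for a, _ in sorted(best.items(), key=lambda kv: (kv[1], kv[0]))]


# Constructed batch of vehicle real-time data that trips all three checks.
SAMPLE = {
    "upload": {
        "driving_data": {"route_places": ["ring-road-2", "restricted-site-A"],
                         "current_place": "ring-road-4"},
        "records": [{"data_type": "vehicle_dynamics"}, {"data_type": "identity"}],
        "target_ip": "::ffff:203.0.113.7",
    },
    "download": {"records": [{"data_type": "camera"}]},
}

if __name__ == "__main__":
    found = evaluate(SAMPLE)
    print(found, protect(found))
```

An action required by more than one finding, such as recording the transfer event, appears once and takes the highest priority any triggering rule assigns it.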
Fig. 13 is a block diagram of a control device for vehicle data according to an embodiment of the present invention, where an apparatus 800 of the device may include one or more of the following components: a processing component 802, a memory 804, a power component 806, a multimedia component 808, an audio component 810, an input/output (I/O) interface 812, a sensor component 814, and a communication component 816.
The processing component 802 generally controls overall operation of the device 800, such as operations associated with display, telephone calls, data communications, camera operations, and recording operations. The processing components 802 may include one or more processors 820 to execute instructions to perform all or a portion of the steps of the methods described above. Further, the processing component 802 can include one or more modules that facilitate interaction between the processing component 802 and other components. For example, the processing component 802 can include a multimedia module to facilitate interaction between the multimedia component 808 and the processing component 802.
The memory 804 is configured to store various types of data to support operations at the apparatus 800. Examples of such data include instructions for any application or method operating on device 800, contact data, phonebook data, messages, pictures, videos, and so forth. The memory 804 may be implemented by any type or combination of volatile or non-volatile memory devices such as Static Random Access Memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, magnetic or optical disks.
Power components 806 provide power to the various components of device 800. The power components 806 may include a power management system, one or more power supplies, and other components associated with generating, managing, and distributing power for the apparatus 800.
The multimedia component 808 includes a screen that provides an output interface between the device 800 and a user. In some embodiments, the screen may include a Liquid Crystal Display (LCD) and a Touch Panel (TP). If the screen includes a touch panel, the screen may be implemented as a touch screen to receive an input signal from a user. The touch panel includes one or more touch sensors to sense touch, slide, and gestures on the touch panel. The touch sensor may not only sense the boundary of a touch or slide action, but also detect the duration and pressure associated with the touch or slide operation. In some embodiments, the multimedia component 808 includes a front facing camera and/or a rear facing camera. The front camera and/or the rear camera may receive external multimedia data when the device 800 is in an operating mode, such as a shooting mode or a video mode. Each of the front and rear cameras may be a fixed optical lens system or a camera with focal length and optical zoom capability.
The audio component 810 is configured to output and/or input audio signals. For example, the audio component 810 includes a Microphone (MIC) configured to receive external audio signals when the apparatus 800 is in an operational mode, such as a call mode, a recording mode, and a voice recognition mode. The received audio signals may further be stored in the memory 804 or transmitted via the communication component 816. In some embodiments, audio component 810 also includes a speaker for outputting audio signals.
The I/O interface 812 provides an interface between the processing component 802 and peripheral interface modules, which may be keyboards, click wheels, buttons, etc. These buttons may include, but are not limited to: a home button, a volume button, a start button, and a lock button.
The sensor assembly 814 includes one or more sensors for providing various aspects of state assessment for the device 800. For example, the sensor assembly 814 may detect the open/closed status of the device 800, the relative positioning of components, such as a display and keypad of the device 800, the sensor assembly 814 may also detect a change in the position of the device 800 or a component of the device 800, the presence or absence of user contact with the device 800, the orientation or acceleration/deceleration of the device 800, and a change in the temperature of the device 800. Sensor assembly 814 may include a proximity sensor configured to detect the presence of a nearby object without any physical contact. The sensor assembly 814 may also include a light sensor, such as a CMOS or CCD image sensor, for use in imaging applications. In some embodiments, the sensor assembly 814 may also include an acceleration sensor, a gyroscope sensor, a magnetic sensor, a pressure sensor, or a temperature sensor.
The communication component 816 is configured to facilitate communications between the apparatus 800 and other devices in a wired or wireless manner. The device 800 may access a wireless network based on a communication standard, such as WiFi, 2G or 3G, or a combination thereof. In an exemplary embodiment, the communication component 816 receives a broadcast signal or broadcast related information from an external broadcast management system via a broadcast channel. In an exemplary embodiment, the communication component 816 further includes a Near Field Communication (NFC) module to facilitate short-range communications. For example, the NFC module may be implemented based on Radio Frequency Identification (RFID) technology, infrared data association (IrDA) technology, Ultra Wideband (UWB) technology, Bluetooth (BT) technology, and other technologies.
In an exemplary embodiment, the apparatus 800 may be implemented by one or more Application Specific Integrated Circuits (ASICs), Digital Signal Processors (DSPs), Digital Signal Processing Devices (DSPDs), Programmable Logic Devices (PLDs), Field Programmable Gate Arrays (FPGAs), controllers, micro-controllers, microprocessors or other electronic components for performing the above-described methods.
The embodiment of the invention also provides a computer-readable storage medium in which computer-executable instructions are stored; when a processor executes the computer-executable instructions, the vehicle data control method of the above method embodiment is implemented. An example is the memory 804 including instructions executable by the processor 820 of the device 800 to perform the methods described above. For example, the non-transitory computer-readable storage medium may be a ROM, a Random Access Memory (RAM), a CD-ROM, a magnetic tape, a floppy disk, an optical data storage device, and the like.
A non-transitory computer-readable storage medium, in which instructions, when executed by a processor of a client, enable the client to execute the above-described control method of vehicle data.
Embodiments of the present invention further provide a computer program product, which includes a computer program, and when the computer program is executed by a processor, the computer program implements the control method of the vehicle data as described above.
Other embodiments of the invention will be apparent to those skilled in the art from consideration of the specification and practice of the invention disclosed herein. This invention is intended to cover any variations, uses, or adaptations of the invention following, in general, the principles of the invention and including such departures from the present disclosure as come within known or customary practice within the art to which the invention pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the invention being indicated by the following claims.
It will be understood that the invention is not limited to the precise arrangements described above and shown in the drawings and that various modifications and changes may be made without departing from the scope thereof. The scope of the invention is limited only by the appended claims.

Claims (11)

1. A control method of vehicle data, characterized by comprising:
the method comprises the steps of acquiring vehicle real-time data acquired and processed by a system, wherein the vehicle real-time data comprises vehicle uploading data and vehicle downloading data, and the vehicle uploading data comprises vehicle running data;
identifying the vehicle driving data according to multiple preset identification modes to determine whether the vehicle acquires sensitive area information in the driving process;
determining whether the vehicle uploading data and/or the vehicle downloading data comprise privacy data or not according to a preset total data dictionary;
performing risk assessment on a target IP address corresponding to the vehicle uploading data, and determining whether the target IP address is a suspicious IP address;
if it is determined that the vehicle acquires sensitive area information during driving, that the vehicle uploading data and/or the vehicle downloading data comprise privacy data, or that the target IP address is a suspicious IP address, performing protection according to a predefined policy rule;
according to a plurality of preset identification modes, identifying the vehicle driving data and determining whether the vehicle acquires sensitive area information in the driving process comprises the following steps:
determining a route position and a current position of the vehicle from the vehicle driving data;
determining whether a place corresponding to the path position or the current position is the same as a sensitive place in the sensitive area information base or not based on the acquired sensitive area information base;
and if the position corresponding to the path position or the current position is judged to be the same as the sensitive position in the sensitive area information base, determining that the sensitive area information is acquired by the vehicle in the driving process.
2. The method according to claim 1, before the determining whether the vehicle upload data and/or the vehicle download data include private data according to a preset total data dictionary, further comprising:
the method comprises the steps that a plurality of acquired collection source data of a plurality of vehicles are processed based on a plurality of preset processing nodes to generate a total data dictionary, the total data dictionary comprises data types and attribute information corresponding to each data type, and the attribute information comprises sources, storage modes, destruction time limits or safety levels.
3. The method according to claim 2, wherein the determining whether the vehicle upload data and/or the vehicle download data include private data according to a preset total data dictionary comprises:
determining the data types and corresponding attribute information of the vehicle uploading data and/or the vehicle downloading data based on the total data dictionary;
and when the data type of the vehicle uploading data and/or the vehicle downloading data comprises identity data and the security level corresponding to the identity data is greater than a preset security level, determining that the vehicle uploading data and/or the vehicle downloading data comprises privacy data.
4. The method of claim 1, wherein the performing risk assessment on the target IP address corresponding to the vehicle upload data and determining whether the target IP address is a suspicious IP address comprises:
according to a preset threat attack credit database, performing risk assessment on a target IP address corresponding to the vehicle uploading data, and determining whether the target IP address is a suspicious IP address; or,
determining whether the target IP address is a suspicious IP address in an IP address reverse query mode.
5. The method of claim 4, wherein the performing risk assessment on the target IP address corresponding to the vehicle upload data according to a preset threat attack reputation base to determine whether the target IP address is a suspicious IP address comprises:
judging whether the target IP address is the same as a suspicious IP address in a preset threat attack credit database or not;
and if the target IP address is judged to be the same as the suspicious IP address in the preset threat attack credit database, determining the target IP address as the suspicious IP address.
6. The method according to any one of claims 1 to 5, wherein, if it is determined that the vehicle collects sensitive area information during the driving process, that the vehicle upload data and/or the vehicle download data include private data, or that the target IP address is a suspicious IP address, the protecting according to the predefined policy rules comprises:
if the fact that the sensitive area information is collected in the driving process of the vehicle is determined, protection is conducted according to a predefined strategy rule, wherein the strategy rule comprises one item or the combination of any several items: monitoring data acquisition using activities by using logs, performing fuzzification desensitization treatment on image data of a camera of the vehicle, interrupting data acquisition or uploading of the vehicle, and sending a parking instruction;
if the vehicle uploading data and/or the vehicle downloading data are judged to comprise private data, protection is carried out according to a predefined policy rule, wherein the policy rule comprises one or the combination of any two items: interrupting data uploading or acquisition of the vehicle, recording an event of data uploading of the vehicle or an event of data downloading of the vehicle, and starting a user authorization application;
if the target IP address is judged to be a suspicious IP address, protection is carried out according to a predefined policy rule, wherein the policy rule comprises one item or the combination of any several items: interrupting the data transmission of the vehicle, and recording the event of the vehicle uploading data.
7. The method according to any of claims 1-5, wherein the predefined policy comprises multiple levels of policy rules and a priority corresponding to each level of policy rules.
8. The method of claim 2, wherein the plurality of collected source data comprises vehicle dynamics data, map positioning data, vehicle positioning data, camera data, millimeter wave radar data, lidar data, ultrasonic radar data, or perception data derived from a vehicle chassis, wherein the perception data comprises lane line identification data, lidar target data, or image target data.
9. A control device of vehicle data, characterized by comprising:
an acquisition module, used for acquiring vehicle real-time data acquired and processed by a system, wherein the vehicle real-time data comprises vehicle uploading data and vehicle downloading data, and the vehicle uploading data comprises vehicle running data;
the determining module is used for identifying the vehicle driving data according to multiple preset identification modes and determining whether sensitive area information is acquired in the driving process of the vehicle; determining whether the vehicle uploading data and/or the vehicle downloading data comprise privacy data or not according to a preset total data dictionary; performing risk assessment on a target IP address corresponding to the vehicle uploading data, and determining whether the target IP address is a suspicious IP address;
the processing module is used for protecting according to a predefined policy rule if it is determined that the vehicle acquires sensitive area information in the driving process, that the vehicle uploading data and/or the vehicle downloading data comprise privacy data, or that the target IP address is a suspicious IP address;
the determining module, when identifying the vehicle driving data according to multiple preset identification modes and determining whether sensitive area information is acquired in the driving process of the vehicle, is specifically used for determining the route position and the current position of the vehicle from the vehicle driving data; determining whether a place corresponding to the path position or the current position is the same as a sensitive place in the sensitive area information base or not based on the acquired sensitive area information base; and if the position corresponding to the path position or the current position is judged to be the same as the sensitive position in the sensitive area information base, determining that the sensitive area information is acquired by the vehicle in the driving process.
10. A control apparatus of vehicle data, characterized by comprising: at least one processor and memory;
the memory stores computer-executable instructions;
the at least one processor executing the computer-executable instructions stored by the memory causes the at least one processor to perform the method of controlling vehicle data according to any one of claims 1 to 8.
11. A computer-readable storage medium, characterized in that a computer-executable instruction is stored therein, which when executed by a processor, implements the control method of vehicle data according to any one of claims 1 to 8.
CN202110798828.6A 2021-07-15 2021-07-15 Vehicle data control method, device, equipment and storage medium Active CN113259401B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110798828.6A CN113259401B (en) 2021-07-15 2021-07-15 Vehicle data control method, device, equipment and storage medium


Publications (2)

Publication Number Publication Date
CN113259401A CN113259401A (en) 2021-08-13
CN113259401B true CN113259401B (en) 2021-09-21

Family

ID=77180346

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110798828.6A Active CN113259401B (en) 2021-07-15 2021-07-15 Vehicle data control method, device, equipment and storage medium

Country Status (1)

Country Link
CN (1) CN113259401B (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114124679A (en) * 2021-09-03 2022-03-01 深圳市有方科技股份有限公司 Internet of things terminal log uploading method and device and internet of things terminal
CN114244613B (en) * 2021-12-17 2023-01-31 国汽智控(北京)科技有限公司 Data transmission method, device, system, automatic driving vehicle, electronic device and storage medium
CN114566043B (en) * 2022-02-09 2023-09-22 浙江大华技术股份有限公司 Evidence obtaining method and device for target parking and readable storage medium
CN114756007A (en) * 2022-04-20 2022-07-15 中国第一汽车股份有限公司 Evaluation method, device, equipment and storage medium
CN117560227B (en) * 2024-01-10 2024-04-09 深圳市博昌智控科技有限公司 Intelligent traffic message encryption transmission method, device, equipment and storage medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108769926A (en) * 2018-05-16 2018-11-06 电子科技大学 Car networking method for secret protection based on quorum-sensing system layer and car networking framework
CN109714421A (en) * 2018-12-28 2019-05-03 国汽(北京)智能网联汽车研究院有限公司 Intelligent network based on bus or train route collaboration joins automobilism system
CN112632128A (en) * 2020-12-29 2021-04-09 深圳昂楷科技有限公司 Method and system for checking sensitive data and electronic equipment

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11157646B2 (en) * 2018-09-27 2021-10-26 Intel Corporation Systems and methods for processing and handling privacy-sensitive image data


Also Published As

Publication number Publication date
CN113259401A (en) 2021-08-13


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant